How to install pki module in automation account.

Pradeep Kumar Ramagiri 40 Reputation points
2023-09-20T16:50:51.22+00:00

Hi Team,
I am currently working on automating the expired certificate for app registration. I have installed a custom PKI module for new self-signed certificate creation. Also, I have entered the command for executing the new self-signed certificate.
I received the following error.

```
Unable to find type [Microsoft.CertificateServices.Commands.HardwareKeyUsage].
At C:\Modules\User\CustomPKI\CustomPKI.psm1:70 char:3
+ [Microsoft.CertificateServices.Commands.HardwareKeyUsage[]]
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (Microsoft.Certi...ardwareKeyUsage:TypeName) [], RuntimeException
+ FullyQualifiedErrorId : TypeNotFound
```

Kindly help me on this.


1 answer

  1. AnuragSingh-MSFT 21,546 Reputation points Moderator
    2023-09-25T06:47:48.1866667+00:00

    Pradeep Kumar Ramagiri, thank you for the question.

    I see that you are trying to create a self-signed certificate using Azure Automation runbook and using the CustomPKI PowerShell module. Note that this module is almost 5 years old, and the latest version is from 2018.

    Based on its project site, this module requires the PKI Module. This PKI Module, the link to which directs to a PowerShell module with the name "PKIClient", is no longer available. It might be the case that this module was termed obsolete and has been retired. Since this module is no longer available, you are getting the error as mentioned in the question.

    There are some possible solutions to this scenario, and I have outlined them below. However, note that "Self-signed certificates are not trusted by default and they can be difficult to maintain. Also, they may use outdated hash and cipher suites that may not be strong. For better security, purchase a certificate signed by a well-known certificate authority." -- as cautioned in the article here.

    For alternatives, here are the options:

    1. You can directly use the "New-SelfSignedCertificate" PowerShell cmdlet in the runbook, and it should work (as I verified from a sample runbook). This removes the dependency of uploading additional modules in Automation Account for it to work. Note that the behavior here might change in Automation Account runbooks in the future, as it is undocumented that this module is available and it depends on the sandbox where the runbook runs. For more details of how the runbooks run, you may refer to this article: Runbook execution in Azure Automation.
    2. To have more control over the modules and expected behavior, you may also consider using a Hybrid Runbook Worker, where the runbooks get executed on a VM connected to the Azure Automation account. This way you have better control over the runbook environment and the modules available. For details, see Automation Hybrid Runbook Worker overview.

    Hope this helps.

    If the answer did not help, please add more context/follow-up question for it, and we will help you out. Else, if the answer helped, please click Accept answer so that it can help others in the community looking for help on similar topics.

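A runbook sketch for option 1 in the answer above, added here as an example (it is not part of the original answer or a Microsoft sample). It states the key size, hash and lifetime explicitly, in line with the caution about outdated hash and cipher suites, and checks the result. The function name, subject, 90-day lifetime, store location and output path are assumptions.

```powershell
# Added example; the function name, subject, lifetime and store are assumptions.
$ErrorActionPreference = 'Stop'

function New-AppRegistrationCertificate {
    param(
        [string]$Subject       = 'CN=example-app-registration', # hypothetical subject
        [int]   $ValidDays     = 90,                            # assumed rotation window
        [string]$StoreLocation = 'Cert:\CurrentUser\My'         # assumed writable store
    )

    # The cmdlet's presence in the runbook sandbox is undocumented, so fail clearly.
    if (-not (Get-Command -Name New-SelfSignedCertificate -ErrorAction SilentlyContinue)) {
        throw 'New-SelfSignedCertificate is not available in this runbook environment.'
    }

    # State key and hash parameters explicitly instead of relying on defaults.
    $cert = New-SelfSignedCertificate -Subject $Subject `
        -CertStoreLocation $StoreLocation `
        -KeyAlgorithm RSA -KeyLength 2048 -HashAlgorithm SHA256 `
        -KeyUsage DigitalSignature `
        -NotAfter (Get-Date).AddDays($ValidDays)

    # Verify what was actually issued before the certificate is used anywhere.
    $sigAlg = $cert.SignatureAlgorithm.FriendlyName
    if ($sigAlg -notmatch 'sha256') {
        throw "Unexpected signature algorithm: $sigAlg"
    }
    $rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPublicKey($cert)
    if ($null -eq $rsa -or $rsa.KeySize -lt 2048) {
        throw 'Certificate does not carry an RSA key of at least 2048 bits.'
    }
    return $cert
}

$cert = New-AppRegistrationCertificate

# Export only the public certificate (.cer), the part an app registration needs.
$cerPath = Join-Path $env:TEMP "$($cert.Thumbprint).cer"
Export-Certificate -Cert $cert -FilePath $cerPath -Type CERT | Out-Null

Write-Output "Thumbprint: $($cert.Thumbprint)"
Write-Output "NotAfter:   $($cert.NotAfter.ToString('u'))"
Write-Output "Public cert written to: $cerPath"
```

Where the private key is kept for later use by the application is outside this example.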
